Total
2929 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0702 | 1 Cisco | 1 Unified Meetingplace | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. | ||||
| CVE-2015-0258 | 3 Canonical, Debian, O-dyn | 3 Ubuntu Linux, Debian Linux, Collabtive | 2024-11-21 | 8.8 High |
| Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. | ||||
| CVE-2014-9619 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif. | ||||
| CVE-2014-9312 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
| Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. | ||||
| CVE-2014-8739 | 2 Creative-solutions, Jquery File Upload Project | 2 Creative Contact Form, Jquery File Upload | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. | ||||
| CVE-2014-8516 | 1 Cloudfastpath | 1 Netcharts Server | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | ||||
| CVE-2014-8337 | 1 Helpdezk | 1 Helpdezk | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. | ||||
| CVE-2014-4972 | 1 Ajax Upload For Gravity Forms Project | 1 Ajax Upload For Gravity Forms | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms. | ||||
| CVE-2014-4912 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. | ||||
| CVE-2014-3448 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2024-11-21 | 9.8 Critical |
| BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload | ||||
| CVE-2014-2664 | 1 X2engine | 1 X2crm | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
| CVE-2014-2592 | 1 Arubanetworks | 1 Web Management Portal | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | ||||
| CVE-2014-2025 | 1 Unitedplanet | 1 Intrexx | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors. | ||||
| CVE-2014-1214 | 1 Projoom | 1 Smart Flash Header | 2024-11-21 | 8.8 High |
| views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter. | ||||
| CVE-2014-10074 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | N/A |
| Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files. | ||||
| CVE-2013-7426 | 1 Kamailio | 1 Kamailio | 2024-11-21 | N/A |
| Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | ||||
| CVE-2013-7390 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | ||||
| CVE-2013-6358 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 8.8 High |
| PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. | ||||
| CVE-2013-6234 | 1 Eng | 1 Spagobi | 2024-11-21 | 8.0 High |
| Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload." | ||||
| CVE-2013-4796 | 1 Reviewboard | 1 Reviewboard | 2024-11-21 | 8.8 High |
| ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request | ||||